- // The article parameter is assigned to the $articleid variable without any sanitization or validation:
- $articleid = $_GET['article'];
- // $articleid is then placed directly into the query string. Easy. This is just a simple SELECT statement, like below.
- $query = "SELECT * FROM articles WHERE articleid = $articleid";
- If you set the value of the parameter to 1 AND 1=1, the query becomes:
- $query = "SELECT * FROM articles WHERE articleid = 1 AND 1=1";
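- Now, if we simply use logic here, one can come to the conclusion that 1 is not equal to 2, right? If a user changes the parameter to 1 AND 1=2, the query returns nothing, because 1 is not equal to 2 and the WHERE condition is false for every row.
- Bingo. With 1 AND 1=1, there is an article with an ID of 1, and 1 equals 1, which is true, so the article comes back. I think, right? I don't know, it's been a while since I took 2nd grade math. The different results for the two inputs show that the parameter is being evaluated as part of the SQL statement rather than as a plain value. Because of this knowledge, you can now adjust the string yourself.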
- There are various other username and password combinations to play with on vulnerable sites. You can even create your own new combinations for the site login page. I will get to finding that information later in the guide.
- Some sample combinations can be:
- username:' or 1='1 password:' or 1='1
- username:' or '1'='1' password:' or '1'='1'
- username:or 1=1 password:or 1=1